On 4/12/2011 10:41 PM, Stan Hoeppner wrote:
Noel Jones put forth on 4/12/2011 6:56 PM:
On 4/12/2011 4:19 PM, Stan Hoeppner wrote:
Mikael Bak put forth on 4/12/2011 7:31 AM:
Stan Hoeppner wrote:
[snip]

Received: from [190.221.28.39] (unknown [190.221.28.39])

In this example, reject_unknown_reverse_client_hostname would have
generated a 450 rejection.  You should always use
reject_unknown_reverse_client_hostname at minimum, or the more
restrictive reject_unknown_client_hostname, though this one can cause
problems with FPs on occasion.  Best to use it with warn_if_reject for a
while and monitor what it would have rejected.

http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

However, it appears that 190.221.28.39 has rDNS of

Name: host39.190-221-28.telmex.net.ar
Address: 190.221.28.39

No. The "reject_unknown_reverse_client_hostname" in the above example
would not have generated a 450 rejection, since the IP address HAS a
reverse dns hostname.

Yes, it would have.  Note the "unknown" in the Received line.  The rDNS


The "unknown" gives zero information about the client's rDNS.  The

I didn't say it did.  It does tell us there was a related error, and we
know the IP has valid rDNS.

"unknown" signifies that the client does not have correct FCrDNS, which
does not disclose rDNS status.

Combining "unknown" with the fact that "host" returns a valid rDNS name
tells us the likely cause of "unknown" in this case was a temporary DNS
lookup failure.

No.


A client is marked unknown when 1) the client IP address->name mapping
fails, 2) the name->address mapping fails, or 3) the name->address
mapping does not match the client IP address.

Since we know valid rDNS exists via manual sleuthing, it's pretty
reasonable to conclude 1) above occurred, is it not?


Absolutely not. In this particular case it appears it was 2) that failed.

The client is marked "unknown" if *any* of the three tests fail.

Repeat 100 times:
The client is marked "unknown" if *any* of the three tests fail.





The postfix log will show the reason why the client is marked unknown,
but postfix does not indicate the reason in the Received: header.

Always good practice to check logs.  Though in this case enough
information was available in lieu of logs to correctly describe the
issue, and put it in the context of the larger question, which was "best
methods to block spam from this type of host".

Do you disagree?

I disagree.

Postmortem sleuthing shows this client has working rDNS but no A record for the rDNS name. You can't tell this from looking at the Received: header.

Your advice that reject_unknown_reverse_client_hostname will reject this host is incorrect. While that restriction is useful and safe for most sites, it will probably not reject this particular client, which has rDNS but no hostname->address mapping.


  -- Noel Jones
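
The three tests quoted above, and which restriction acts on which failure, as an added example that is not part of the original thread and is not Postfix code. The DNS tables are constructed (the 190.221.28.39 entry mirrors what the thread describes; the other addresses and names are documentation placeholders), and temporary DNS errors are not modeled.

```python
# Added illustration, not Postfix source. All DNS data below is constructed.
REVERSE = "reject_unknown_reverse_client_hostname"
FULL = "reject_unknown_client_hostname"

# Constructed PTR and A tables standing in for live DNS.
PTR = {
    "190.221.28.39": "host39.190-221-28.telmex.net.ar",  # IP and name from the thread
    "192.0.2.10": "mail.example.org",
    "192.0.2.20": "forged.example.net",
}
A = {
    # no A record for the telmex name, as described in the thread
    "mail.example.org": ["192.0.2.10"],
    "forged.example.net": ["198.51.100.7"],
}

def classify_client(ip, ptr=PTR, a=A):
    """Return (name shown in Received:, failed test number or None,
    restrictions that would reject the client)."""
    name = ptr.get(ip)
    if name is None:                  # test 1: address->name mapping fails
        return ("unknown", 1, [REVERSE, FULL])
    addrs = a.get(name, [])
    if not addrs:                     # test 2: name->address mapping fails
        return ("unknown", 2, [FULL])
    if ip not in addrs:               # test 3: name->address does not match client IP
        return ("unknown", 3, [FULL])
    return (name, None, [])

if __name__ == "__main__":
    for ip in ("190.221.28.39", "203.0.113.5", "192.0.2.20", "192.0.2.10"):
        label, failed, rejected_by = classify_client(ip)
        print(f"{ip}: Received shows '{label}', "
              f"failed test {failed}, rejected by {rejected_by}")
```

All three failure cases produce the same "unknown" label, which is why the Received: header alone cannot say which restriction would have matched.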
